Jira Data Center Java API Inconsistency

KCWong · May 18, 2023, 7:33am

This will probably be yet another thread of mine about Data Center’s Java API with no replies, but whatever.

In Permission Scheme, I setup something like this:

Note in granted to “Group”, I can have one granted to “Anyone on the web”.

In the database (SELECT * FROM SCHEMEPERMISSIONS;), that shows up as:

So, a type of “group” with null parameter.

In my plugin’s Java code, I can obtain a full list of permission schemes like this:

ServiceOutcome<? extends List<PermissionScheme>> outcome = SERVICE.getPermissionSchemes(getAdminUser());
if (outcome.isValid()) {
	for (PermissionScheme scheme : outcome.getReturnedValue()) {

Diving into scheme.getPermissions(), I can see the group items are:

Permission Holder Key: group, Parameter: null
Permission Holder Key: group, Parameter: jira-servicedesk-users

Which matches with what’s seen in database and on UI. Good so far.

Now try to create the same with PermissionSchemeService:

PermissionHolder holder = (param == null)? 
					PermissionHolder.holder(type) : 
					PermissionHolder.holder(type, param) ;
ProjectPermissionKey key = new ProjectPermissionKey(e.getPermissionKey());
PermissionGrantInput item = PermissionGrantInput.newGrant(holder, key);

And PermissionHolder.holder() reports error when using type “group” and null parameter.

The error stacktrace is:

java.lang.IllegalArgumentException(Parameter should be set if and only if type requires it. Type was: GROUP, parameter was: null):
com.google.common.base.Preconditions.checkArgument()[Preconditions.java@141]
com.atlassian.jira.permission.PermissionHolder.holder()[PermissionHolder.java@59]
com.atlassian.jira.permission.PermissionHolder.holder()[PermissionHolder.java@54]

So the API is giving me “group” with null parameter.
But I cannot create the same thing because it wants non-null parameter with “group”.

Before this, I was using PermissionSchemeManager to create Scheme and SchemeEntity. But I couldn’t figure out how to properly update a Scheme with PermissionSchemeManager (unable to delete exising SchemeEntity). Plus I need to muck around with GenericValue and deprecated APIs.

So my question is how to create PermissionScheme using PermissionSchemeService, creating “group” permissions that has no parameter?

KCWong · May 18, 2023, 8:40am

The UI page calls the internal REST /jira/rest/internal/2/managedpermissionscheme/{schemeID}.

The source code is in ManagedPermissionSchemeHelperImpl. Which is NOT calling PermissionSchemeService. It uses PermissionSchemeManager.

So whatever PermissionSchemeService is for, it cannot do everything the UI/PermissionSchemeManager can.

luis.plaza · June 4, 2024, 1:58pm

It is needed something like the internal API rest method but in the public APIs

I try this one but I get a http 400

curl -L 'https://{{baseurl}}/rest/internal/2/managedpermissionscheme/{{permissionSchemeId}}' \
-H 'Content-Type: application/json' \
-H 'Authorization: Basic ****' \
-d '{
 "permissionKeys": [
  "ADD_COMMENTS",
  "ASSIGNABLE_USER",
  "ASSIGN_ISSUES",
  "BROWSE_PROJECTS",
  "CREATE_ATTACHMENTS",
  "CREATE_ISSUES",
  "DELETE_OWN_COMMENTS",
  "EDIT_ISSUES",
  "EDIT_OWN_COMMENTS",
  "LINK_ISSUES",
  "MODIFY_REPORTER",
  "MOVE_ISSUES",
  "RESOLVE_ISSUES",
  "TRANSITION_ISSUES",
  "VIEW_VOTERS_AND_WATCHERS"
 ],
 "grants": [
  {
   "securityType": "projectrole",
   "value": "{{projectroleId}}"
  }
 ]
}